This closes #519

artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/plug/ActiveMQProtonConnectionCallback.java

@@ -56,7 +56,25 @@ public class ActiveMQProtonConnectionCallback implements AMQPConnectionCallback
 
    @Override
    public ServerSASL[] getSASLMechnisms() {
-      return new ServerSASL[]{new AnonymousServerSASL(), new ActiveMQPlainSASL(manager.getServer().getSecurityStore(), manager.getServer().getSecurityManager())};
+      boolean supportsAnonymous = false;
+      try {
+         manager.getServer().getSecurityStore().authenticate(null, null, null);
+         supportsAnonymous = true;
+      }
+      catch (Exception e) {
+         // authentication failed so no anonymous support
+      }
+
+      ServerSASL[] result;
+
+      if (supportsAnonymous) {
+         result = new ServerSASL[]{new AnonymousServerSASL(), new ActiveMQPlainSASL(manager.getServer().getSecurityStore())};
+      }
+      else {
+         result = new ServerSASL[]{new ActiveMQPlainSASL(manager.getServer().getSecurityStore())};
+      }
+
+      return result;
    }
 
    @Override

artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/proton/sasl/ActiveMQPlainSASL.java

@@ -17,24 +17,26 @@
 package org.apache.activemq.artemis.core.protocol.proton.sasl;
 
 import org.apache.activemq.artemis.core.security.SecurityStore;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
 import org.proton.plug.sasl.ServerSASLPlain;
 
 public class ActiveMQPlainSASL extends ServerSASLPlain {
 
-   private final ActiveMQSecurityManager securityManager;
-
    private final SecurityStore securityStore;
 
-   public ActiveMQPlainSASL(SecurityStore securityStore, ActiveMQSecurityManager securityManager) {
-      this.securityManager = securityManager;
+   public ActiveMQPlainSASL(SecurityStore securityStore) {
       this.securityStore = securityStore;
    }
 
    @Override
    protected boolean authenticate(String user, String password) {
       if (securityStore.isSecurityEnabled()) {
-         return securityManager.validateUser(user, password);
+         try {
+            securityStore.authenticate(user, password, null);
+            return true;
+         }
+         catch (Exception e) {
+            return false;
+         }
       }
       else {
          return true;